Friday, Apr 18th, 2014 ↓

No company that advertises defines themselves as “an advertiser.” They have other businesses. Advertising might be valuable to them, but it’s still just a line item on the expense side of the balance sheet.

- Doc Searls

Thursday, Apr 17th, 2014 ↓

“If something is worth saving, save it in an open file format.”

Saturday, Apr 12th, 2014 ↓

What should you do about Heartbleed?

Based on what I’ve read from sources I trust in the tech press, here’s what I’m doing.

The short answer is: change your passwords.

Because security experts agree we should be changing our passwords regularly, in any case, this is easy advice to give. Like me, you probably don’t change them as often as the experts suggest. So, now is a good time to get off your butt and do it.

But what was the question?

This week you may have heard about the Heartbleed bug. You may be aware that some of your internet communications are encrypted, to protect the content of that communication. You may know that when a web address starts with “https” (note the letter S, for secure), all communication to and from the address is being encrypted. OpenSSL (a version of the universal SSL protocol) is used by the majority of “secure” web sites and services, including many that you probably use every day (including the web site you are reading now). Alas, it turns out the version of OpenSSL in widespread use for the last two years had an extremely serious security flaw this whole time. I’ll leave it to my favorite web comic to explain this breach with pictures.

So, the question most people have is: How serious a problem is this, really? And, more to the point, what should I do about it? Well, here’s what I’m doing about it.

THE ANSWER:

First of all, if you have above average security concerns, you should be consulting serious security experts, not me. (And if you aren’t already on top of issues like this, your security is in serious jeopardy.) But for the rest of us…

The simplest answer I can give is: change your passwords. Everywhere.

THE EASY WAY:

Okay, that sounds like a pain in the ass, doesn’t it? I know I have more accounts than I can count on more services than I remember. And I’ve got other shit to do. So, what am I really doing?

I’m starting with the most critical services I use, the ones where I’d be seriously screwed if someone hijacked or had access to my account. Just take a minute to think about how much you really depend on different services, and it’s probably obvious which are most important to you.

For example, I’ve already changed the passwords on my business and personal email accounts. Email accounts are particularly important, in no small part, because other services will use an emailed verification to confirm significant changes. Thus, control of your email account(s) gives you, or a hacker, control of many other services.

From here on, as I have occasion to log into the other services that I consider important, I’m taking an extra minute to change my password on each of those accounts, as well. Conveniently, the accounts I use most often tend to be the ones I consider most important. So, by adding this extra step when I sign in, I’ll update most of my essential passwords over the coming days.

It’s important to also remember those services which do not prompt you for a password (because they “remember you”). Dropbox and other storage services come to mind.

MORE DETAILS:

There are many more details to this question. A few that spring to mind…

There’s little point changing the password for an account until after that service has updated the security software on their web servers. But most of the well known services already have.

Not all servers use OpenSSL; plenty use different implementations of SSL encryption. (My hasty research suggests major banks don’t seem to use OpenSSL.) Nonetheless — especially if you use the same password on many different accounts — you should change your password everywhere, because it’s possible that password was stolen from another service that did use this buggy software.

We don’t yet know everything about this bug, nor about its hypothetical and actual consequences. This is breaking news, still being investigated. But I wrote this article mostly for people who won’t take the time to follow that news. And because, in the time you would spend reading more about this, you could actually be doing something about it.

So, change your passwords. Then maybe mark your calendar to change them again, sometime after the investigation and mitigation of this problem has played out in the tech sector.

If I learn anything which contradicts the simplicity of this advice, I’ll post updates on Twitter and Facebook. As always, if you know more about internet encryption than I do, I welcome your corrections.

Monday, Apr 7th, 2014 ↓
Friday, Mar 28th, 2014 ↓
Innovation is not the result of a moment in time, but of painstaking progress over years, even decades

- Ben Thompson

Saturday, Mar 22nd, 2014 ↓

“We want our ISPs to be as boring as possible.”

Friday, Mar 21st, 2014 ↓

what’s a RAID?

A RAID (a Redundant Array of Inexpensive Disks) is two or more hard drives connected together (usually inside the same enclosure) so that they act like a single bigger hard drive. There are several different kinds.

RAID 0, striped RAIDs, are for speed, striping (dividing) the data workload between two drives, kinda (vaguely) the way that two relay runners are faster than a single runner. Except that these two are circling the track and handing off the baton 7200 times per second!

RAID 1, mirrored RAIDs, are for on-the-fly backup purposes, protecting every bit of your data, right up until the second that one of its drives fails. It does this by saving everything twice, simultaneously, to two different drives. Because it is very unlikely both drives would fail at the same time, you should lose no data when one of them dies. Indeed, a mirrored RAID will keep working even when one of its two drives fails. They are a good choice wherever failure is not an option.

RAID 5 devices do more or less what a Drobo does. In theory, you just stick 3 or more bare hard drives into the box, and it does the rest, using them all. To you it will look like one big drive. But any one of those drives can die (or be removed or replaced) without any loss of data.

RAID 10 (RAID 1 + 0) uses four drives to both Stripe and Mirror all data. In other words it does both what a RAID 1 and RAID 0 do, all in one (big, expensive) box.

Clearly, different RAIDs are useful for completely different circumstances. Most off-the-shelf RAIDs can be configured as either striped or mirrored, while the models with 4 hard drive slots give you more options. But they all cost more than a single drive of comparable capacity.

Most people do not really need one at home — especially if they already use an effective backup strategy. For routine (and lower cost) data backup, I use and usually recommend other methods.

Friday, Mar 14th, 2014 ↓

file sharing, in reality

Though, theoretically, a small home network should be less complicated for private sharing and automatic backup of your files, in reality, I usually find Dropbox* to be the simpler and more reliable solution. With my files stored “in the cloud”, I can access them from any device and anywhere that I have an internet connection. And, when I don’t have an internet connection, Dropbox still has a copy of every file on each of my computers. I’ve been using Dropbox every day for 4 years, now, and couldn’t be happier with it.

__________

* This is a referral link. If you click it and install Dropbox on your computer, they will give you an additional 500 megabytes of free storage, and they’ll give me an extra gigabyte. Otherwise, it’s exactly the same as signing up for Dropbox's normal free account.

Wednesday, Mar 12th, 2014 ↓

“(Today’s) conversations are never ending, and friends come and go at a pace dictated not by physicality, but rather by attention.”

Monday, Mar 10th, 2014 ↓

Google Public Alerts →

A handy tool to quickly search for official notices of natural disasters, emergencies or severe weather.

Thursday, Jan 23rd, 2014 ↓

"Statements (from corporations) should be interpreted as if you’re a lawyer trying to find a loophole. Because theirs will." →

Wednesday, Jan 22nd, 2014 ↓

If I didn’t already own them, I’d take advantage of this $30 Productive Macs software bundle to buy ExpanDrive (normally $40), MacSnapper (normally $49) and Cocktail (normally $19). These three utility apps are not for casual Mac users. But for everyone who asks me how to copy their music, videos or books from their iPod, iPhone or iPad onto a computer, iRip (normally $24.95) could be your answer. I’ve never used the other four apps that round out this bundle; but, like many such bundles, you only need to use one or two of these eight for $30 to be a good deal.

Monday, Jan 20th, 2014 ↓

"Profit is an accountant's opinion. Cash is a fact." →

Sunday, Jan 19th, 2014 ↓

“When your own employees don’t use or support your product, the problem is with the product, not the employees.”

Friday, Jan 17th, 2014 ↓

I don’t think ordinary citizens should struggle to fix the mainstream media. Rather, we should learn to BE the media.
